From mmil...@apache.org
Subject [accumulo-testing] branch master updated: ACCUMULO-4717 Refactor WalkingSecurity to use API (#9)
Date Wed, 25 Oct 2017 19:40:12 GMT
This is an automated email from the ASF dual-hosted git repository.

mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo-testing.git


The following commit(s) were added to refs/heads/master by this push:
     new 03453ac  ACCUMULO-4717 Refactor WalkingSecurity to use API (#9)
03453ac is described below

commit 03453aceeed5559e07ccf1ee82f39115004d6313
Author: Mike Miller <mmiller@apache.org>
AuthorDate: Wed Oct 25 15:40:10 2017 -0400

    ACCUMULO-4717 Refactor WalkingSecurity to use API (#9)
    
    Simplified WalkingSecurity by removing the inheritance from server
    classes and removing unused code. Now it is simply a helper class and
    the other classes in the randomwalk framework call the API directly.
    Also added try catch blocks where exceptions are now thrown.
---
 .../core/randomwalk/security/AlterTable.java       |  20 +-
 .../core/randomwalk/security/AlterTablePerm.java   |  17 +-
 .../core/randomwalk/security/Authenticate.java     |   2 +-
 .../core/randomwalk/security/ChangePass.java       |   2 +-
 .../core/randomwalk/security/CreateTable.java      |   3 +-
 .../core/randomwalk/security/CreateUser.java       |   6 +-
 .../core/randomwalk/security/DropTable.java        |  12 +-
 .../testing/core/randomwalk/security/DropUser.java |   6 +-
 .../testing/core/randomwalk/security/TableOp.java  |  35 +++-
 .../testing/core/randomwalk/security/Validate.java |   6 -
 .../core/randomwalk/security/WalkingSecurity.java  | 208 +--------------------
 11 files changed, 88 insertions(+), 229 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
index ee26003..1283fd7 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
@@ -34,13 +35,26 @@ public class AlterTable extends Test {
 
   @Override
   public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
-    Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(),
WalkingSecurity.get(state, env).getSysToken());
+    String systemUser = WalkingSecurity.get(state, env).getSysUserName();
+    Connector conn = env.getAccumuloInstance().getConnector(systemUser, WalkingSecurity.get(state,
env).getSysToken());
 
     String tableName = WalkingSecurity.get(state, env).getTableName();
 
     boolean exists = WalkingSecurity.get(state, env).getTableExists();
-    boolean hasPermission = conn.securityOperations().hasTablePermission(WalkingSecurity.get(state,
env).getSysUserName(), tableName,
-        TablePermission.ALTER_TABLE);
+    boolean hasPermission;
+    try {
+      hasPermission = conn.securityOperations().hasTablePermission(systemUser, tableName,
TablePermission.ALTER_TABLE)
+          || conn.securityOperations().hasSystemPermission(systemUser, SystemPermission.ALTER_TABLE);
+    } catch (AccumuloSecurityException ae) {
+      if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+        if (exists)
+          throw new TableExistsException(null, tableName, "Got a TableNotFoundException but
it should exist", ae);
+        else
+          return;
+      } else {
+        throw new AccumuloException("Got unexpected ae error code", ae);
+      }
+    }
     String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]",
"_"), env.getPid(),
         System.currentTimeMillis());
 
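Review bot: In the new catch block, the `exists` branch raises `TableExistsException` with the text "Got a TableNotFoundException but it should exist", although what was caught is an `AccumuloSecurityException` carrying `TABLE_DOESNT_EXIST`. Both the exception type and the message point someone triaging a failed security walk at the wrong condition. Something like `throw new AccumuloException("Permission check reported TABLE_DOESNT_EXIST for " + tableName + " but the table should exist", ae);` states what actually happened. The same block is repeated in the AlterTablePerm hunk and, with slightly different wording, in the DropTable hunk. The body of `visit` continues past the end of this hunk.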
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
index 30f727f..8d1d4a6 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
@@ -22,7 +22,9 @@ import java.util.Random;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;;
+import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.admin.SecurityOperations;
+import org.apache.accumulo.core.client.security.SecurityErrorCode;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
@@ -78,8 +80,19 @@ public class AlterTablePerm extends Test {
     Connector conn = env.getAccumuloInstance().getConnector(sourceUser, sourceToken);
     SecurityOperations secOps = conn.securityOperations();
 
-    canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
-            || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
+    try {
+      canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
+              || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
+    } catch (AccumuloSecurityException ae) {
+      if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+        if (exists)
+          throw new TableExistsException(null, tableName, "Got a TableNotFoundException but
it should exist", ae);
+        else
+          return;
+      } else {
+        throw new AccumuloException("Got unexpected ae error code", ae);
+      }
+    }
 
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
index e524d07..63105f4 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
@@ -52,7 +52,7 @@ public class Authenticate extends Test {
     boolean exists = WalkingSecurity.get(state, env).userExists(target);
     // Copy so if failed it doesn't mess with the password stored in state
     byte[] password = Arrays.copyOf(WalkingSecurity.get(state, env).getUserPassword(target),
WalkingSecurity.get(state, env).getUserPassword(target).length);
-    boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM);
+    boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM)
|| principal.equals(target);
 
     if (!success)
       for (int i = 0; i < password.length; i++)
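Review bot: The `|| principal.equals(target)` clause added to `hasPermission` encodes an authorization rule that is not explained anywhere in the hunk. Without a comment, a later reader cannot tell whether the self-service exemption is intended server behaviour or a workaround for a failing walk. A line such as `// a principal may always authenticate as itself; SystemPermission.SYSTEM is only needed for other users` above the assignment would record it, assuming that is the rule the server enforces. The ChangePass hunk adds the same clause for `SystemPermission.ALTER_USER` and would benefit from the equivalent comment.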
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
index 589edff..585a2c1 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
@@ -56,7 +56,7 @@ public class ChangePass extends Test {
 
     targetExists = WalkingSecurity.get(state, env).userExists(target);
 
-    hasPerm = conn.securityOperations().hasSystemPermission(target, SystemPermission.ALTER_USER);
+    hasPerm = conn.securityOperations().hasSystemPermission(principal, SystemPermission.ALTER_USER)
|| principal.equals(target);
 
     Random r = new Random();
 
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
index 5e71410..de11d62 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
@@ -23,6 +23,7 @@ import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
@@ -37,7 +38,7 @@ public class CreateTable extends Test {
     String tableName = WalkingSecurity.get(state, env).getTableName();
 
     boolean exists = WalkingSecurity.get(state, env).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state, env).canCreateTable(WalkingSecurity.get(state,
env).getSysCredentials(), null, null);
+    boolean hasPermission = conn.securityOperations().hasSystemPermission(WalkingSecurity.get(state,
env).getSysUserName(), SystemPermission.CREATE_TABLE);
 
     try {
       conn.tableOperations().create(tableName);
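Review bot: `hasPermission` is now read from `conn.securityOperations().hasSystemPermission(...)`, the same server whose enforcement the `create` call below is meant to exercise. A server that both reports and enforces the wrong permission would therefore pass unnoticed. The helper still has a state-backed `hasSystemPermission(user, permission)` (kept as context in the WalkingSecurity section of this commit), so the step could fail when `hasPermission != WalkingSecurity.get(state, env).hasSystemPermission(WalkingSecurity.get(state, env).getSysUserName(), SystemPermission.CREATE_TABLE)`. Whether the tracked state is kept current for system permissions is not visible here and needs confirming. The CreateUser and DropUser hunks make the same substitution for `CREATE_USER` and `DROP_USER`.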
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
index 91e8f8b..ca9afbe 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
 import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -30,12 +31,13 @@ public class CreateUser extends Test {
 
   @Override
   public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
-    Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(),
WalkingSecurity.get(state, env).getSysToken());
+    String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+    Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state,
env).getSysToken());
 
     String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
 
     boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
-    boolean hasPermission = WalkingSecurity.get(state, env).canCreateUser(WalkingSecurity.get(state,
env).getSysCredentials(), tableUserName);
+    boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.CREATE_USER);
     PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password");
     try {
       conn.securityOperations().createLocalUser(tableUserName, tabUserPass);
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
index db6b7a3..66fc0e2 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.client.security.SecurityErrorCode;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
@@ -41,6 +42,7 @@ public class DropTable extends Test {
     String sourceUser = props.getProperty("source", "system");
     String principal;
     AuthenticationToken token;
+    boolean hasPermission = false;
     if (sourceUser.equals("table")) {
       principal = WalkingSecurity.get(state, env).getTabUserName();
       token = WalkingSecurity.get(state, env).getTabToken();
@@ -53,12 +55,18 @@ public class DropTable extends Test {
     String tableName = WalkingSecurity.get(state, env).getTableName();
 
     boolean exists = WalkingSecurity.get(state, env).getTableExists();
-    boolean hasPermission = conn.securityOperations().hasTablePermission(principal, tableName,
TablePermission.DROP_TABLE);
 
     try {
+      hasPermission = conn.securityOperations().hasTablePermission(principal, tableName,
TablePermission.DROP_TABLE)
+          || conn.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE);
       conn.tableOperations().delete(tableName);
     } catch (AccumuloSecurityException ae) {
-      if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+      if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+        if (exists)
+          throw new TableExistsException(null, tableName, "Got a TableNotFoundException but
it should have existed", ae);
+        else
+          return;
+      } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
         if (hasPermission)
           throw new AccumuloException("Got a security exception when I should have had permission.",
ae);
         else {
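Review bot: The permission lookup now sits in the same `try` as `delete(tableName)`, and `hasPermission` starts as `false` (set in the previous hunk). An `AccumuloSecurityException` with `PERMISSION_DENIED` raised by the lookup itself therefore appears to be handled as an expected denial of the drop, so the step can pass without `delete` ever being called. Giving the lookup its own `try` keeps the two failure sources apart. The `else` branch and the remaining catch blocks lie outside this hunk.

```java
    // … unchanged: tableName and exists lookups …
    try {
      hasPermission = conn.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE)
          || conn.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE);
    } catch (AccumuloSecurityException ae) {
      // a failure here concerns the lookup, not the drop under test
      if (!exists && ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
        return;
      throw new AccumuloException("Permission lookup failed before the drop was attempted", ae);
    }

    try {
      conn.tableOperations().delete(tableName);
    // … unchanged: catch blocks for the delete call …
```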
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
index 7d1a9b6..933c26d 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
@@ -21,6 +21,7 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
 import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -29,12 +30,13 @@ public class DropUser extends Test {
 
   @Override
   public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
-    Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(),
WalkingSecurity.get(state, env).getSysToken());
+    String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+    Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state,
env).getSysToken());
 
     String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
 
     boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
-    boolean hasPermission = WalkingSecurity.get(state, env).canDropUser(WalkingSecurity.get(state,
env).getSysCredentials(), tableUserName);
+    boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.DROP_USER);
 
     try {
       conn.securityOperations().dropLocalUser(tableUserName);
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
index f44511c..7513b23 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
@@ -56,10 +56,10 @@ public class TableOp extends Test {
 
   @Override
   public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
-    Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getTabUserName(),
WalkingSecurity.get(state, env).getTabToken());
+    String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
+    Connector conn = env.getAccumuloInstance().getConnector(tablePrincipal, WalkingSecurity.get(state,
env).getTabToken());
     TableOperations tableOps = conn.tableOperations();
     SecurityOperations secOps = conn.securityOperations();
-    String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
 
     String action = props.getProperty("action", "_random");
     TablePermission tp;
@@ -75,8 +75,15 @@ public class TableOp extends Test {
 
     switch (tp) {
       case READ: {
-        boolean canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
-        Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state,
env).getTabCredentials());
+        boolean canRead;
+        try {
+          canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
+        } catch (AccumuloSecurityException ase) {
+          if (tableExists)
+            throw new AccumuloException("Table didn't exist when it should have: " + tableName,
ase);
+          return;
+        }
+        Authorizations auths = secOps.getUserAuthorizations(tablePrincipal);
         boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(),
tp);
         boolean ambiguousAuths = WalkingSecurity.get(state, env).ambiguousAuthorizations(conn.whoami());
 
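Review bot: The new `catch (AccumuloSecurityException ase)` around `hasTablePermission` in the `READ` case never inspects the error code. A `PERMISSION_DENIED` or credential failure is reported as "Table didn't exist when it should have" when `tableExists` is true, and silently ends the step when it is false. The AlterTable, AlterTablePerm and DropTable hunks in this commit do check `SecurityErrorCode.TABLE_DOESNT_EXIST`, so the guard here could start with `if (!ase.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) throw new AccumuloException("Unexpected security error checking permission on " + tableName, ase);`. That assumes `SecurityErrorCode` is imported in this file, which the hunk does not show. The `WRITE` and `ALTER_TABLE` hunks below repeat the same unchecked catch.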
@@ -146,7 +153,14 @@ public class TableOp extends Test {
         break;
       }
       case WRITE:
-        boolean canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
+        boolean canWrite;
+        try {
+          canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
+        } catch (AccumuloSecurityException ase) {
+          if (tableExists)
+            throw new AccumuloException("Table didn't exist when it should have: " + tableName,
ase);
+          return;
+        }
         boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(),
tp);
 
         String key = WalkingSecurity.get(state, env).getLastKey() + "1";
@@ -239,8 +253,15 @@ public class TableOp extends Test {
           throw new AccumuloException("Bulk Import succeeded when it should have failed:
" + dir + " table " + tableName);
         break;
       case ALTER_TABLE:
-        AlterTable.renameTable(conn, state, env, tableName, tableName + "plus",
-            secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE),
tableExists);
+        boolean tablePerm;
+        try {
+          tablePerm = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE);
+        } catch (AccumuloSecurityException ase) {
+          if (tableExists)
+            throw new AccumuloException("Table didn't exist when it should have: " + tableName,
ase);
+          return;
+        }
+        AlterTable.renameTable(conn, state, env, tableName, tableName + "plus", tablePerm,
tableExists);
         break;
 
       case GRANT:
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
index edf9e4d..9e36c86 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
@@ -101,12 +101,6 @@ public class Validate extends Test {
       }
 
     }
-
-    Authorizations accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state,
env).getTabUserName());
-    Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state,
env).getTabCredentials());
-
-    if (!auths.equals(accuAuths))
-      throw new AccumuloException("Table User authorizations out of sync");
   }
 
 }
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
index 071e5ca..4a0c6f2 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
@@ -17,39 +17,19 @@
 package org.apache.accumulo.testing.core.randomwalk.security;
 
 import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.util.Collection;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.client.impl.Credentials;
-import org.apache.accumulo.core.client.impl.Namespace;
-import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
-import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.NamespacePermission;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.TCredentials;
-import org.apache.accumulo.core.util.CachedConfiguration;
-import org.apache.accumulo.server.AccumuloServerContext;
-import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.conf.ServerConfigurationFactory;
-import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.handler.Authenticator;
-import org.apache.accumulo.server.security.handler.Authorizor;
-import org.apache.accumulo.server.security.handler.PermissionHandler;
 import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
 import org.apache.accumulo.testing.core.randomwalk.State;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -57,7 +37,7 @@ import org.slf4j.LoggerFactory;
 /**
  *
  */
-public class WalkingSecurity extends SecurityOperation implements Authorizor, Authenticator,
PermissionHandler {
+public class WalkingSecurity {
   State state = null;
   RandWalkEnv env = null;
   private static final Logger log = LoggerFactory.getLogger(WalkingSecurity.class);
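Review bot: The Javadoc block directly above the rewritten class declaration is empty, and after this change the class no longer implements `Authorizor`, `Authenticator` or `PermissionHandler`, so nothing states what it is for. A short class comment would help, saying that it is a helper that records the expected users, passwords and permissions in the random walk `State`, and that the test steps query the server through the client API themselves. That wording is taken from the commit description and should be checked against the class body, which lies mostly outside this hunk.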
@@ -79,17 +59,9 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
 
   private static WalkingSecurity instance = null;
 
-  public WalkingSecurity(AccumuloServerContext context, Authorizor author, Authenticator
authent, PermissionHandler pm) {
-    super(context, author, authent, pm);
-  }
-
   public WalkingSecurity(State state2, RandWalkEnv env2) {
-    super(new AccumuloServerContext(HdfsZooInstance.getInstance(), new ServerConfigurationFactory(HdfsZooInstance.getInstance())));
     this.state = state2;
     this.env = env2;
-    authorizor = this;
-    authenticator = this;
-    permHandle = this;
   }
 
   public static WalkingSecurity get(State state, RandWalkEnv env) {
@@ -103,81 +75,26 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     return instance;
   }
 
-  @Override
-  public void initialize(String instanceId, boolean initialize) {
-    throw new UnsupportedOperationException("nope");
-  }
-
-  @Override
-  public boolean validSecurityHandlers(Authenticator one, PermissionHandler two) {
-    return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
-  }
-
-  @Override
-  public boolean validSecurityHandlers(Authenticator one, Authorizor two) {
-    return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
-  }
-
-  @Override
-  public boolean validSecurityHandlers(Authorizor one, PermissionHandler two) {
-    return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
-  }
-
-  @Override
-  public void initializeSecurity(TCredentials rootuser, String token) throws ThriftSecurityException
{
-    throw new UnsupportedOperationException("nope");
-  }
-
-  @Override
   public void changeAuthorizations(String user, Authorizations authorizations) throws AccumuloSecurityException
{
     state.set(user + "_auths", authorizations);
     state.set("Auths-" + user + '-' + "time", System.currentTimeMillis());
   }
 
-  @Override
-  public Authorizations getCachedUserAuthorizations(String user) throws AccumuloSecurityException
{
-    return (Authorizations) state.get(user + "_auths");
-  }
-
   public boolean ambiguousAuthorizations(String userName) {
     Long setTime = state.getLong("Auths-" + userName + '-' + "time");
     if (setTime == null)
-      throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is null");
+      throw new RuntimeException("Auths-" + userName + '-' + "time is null");
     if (System.currentTimeMillis() < (setTime + 1000))
       return true;
     return false;
   }
 
-  @Override
-  public void initUser(String user) throws AccumuloSecurityException {
-    changeAuthorizations(user, new Authorizations());
-  }
-
-  @Override
-  public Set<String> listUsers() throws AccumuloSecurityException {
-    Set<String> userList = new TreeSet<>();
-    for (String user : new String[] {getSysUserName(), getTabUserName()}) {
-      if (userExists(user))
-        userList.add(user);
-    }
-    return userList;
-  }
-
-  @Override
-  public boolean authenticateUser(String principal, AuthenticationToken token) {
-    PasswordToken pass = (PasswordToken) state.get(principal + userPass);
-    boolean ret = pass.equals(token);
-    return ret;
-  }
-
-  @Override
   public void createUser(String principal, AuthenticationToken token) throws AccumuloSecurityException
{
     state.set(principal + userExists, Boolean.toString(true));
     changePassword(principal, token);
     cleanUser(principal);
   }
 
-  @Override
   public void dropUser(String user) throws AccumuloSecurityException {
     state.set(user + userExists, Boolean.toString(false));
     cleanUser(user);
@@ -185,61 +102,32 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
       state.set("table" + connector, null);
   }
 
-  @Override
   public void changePassword(String principal, AuthenticationToken token) throws AccumuloSecurityException
{
     state.set(principal + userPass, token);
     state.set(principal + userPass + "time", System.currentTimeMillis());
   }
 
-  @Override
   public boolean userExists(String user) {
     return Boolean.parseBoolean(state.getString(user + userExists));
   }
 
-  @Override
   public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
{
     boolean res = Boolean.parseBoolean(state.getString("Sys-" + user + '-' + permission.name()));
     return res;
   }
 
-  @Override
-  public boolean hasCachedSystemPermission(String user, SystemPermission permission) throws
AccumuloSecurityException {
-    return hasSystemPermission(user, permission);
-  }
-
-  @Override
   public boolean hasTablePermission(String user, String table, TablePermission permission)
throws AccumuloSecurityException, TableNotFoundException {
     return Boolean.parseBoolean(state.getString("Tab-" + user + '-' + permission.name()));
   }
 
-  @Override
-  public boolean hasCachedTablePermission(String user, String table, TablePermission permission)
throws AccumuloSecurityException, TableNotFoundException {
-    return hasTablePermission(user, table, permission);
-  }
-
-  @Override
-  public boolean hasNamespacePermission(String user, Namespace.ID namespace, NamespacePermission
permission) throws AccumuloSecurityException,
-      NamespaceNotFoundException {
-    return Boolean.parseBoolean(state.getString("Nsp-" + user + '-' + permission.name()));
-  }
-
-  @Override
-  public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, NamespacePermission
permission) throws AccumuloSecurityException,
-      NamespaceNotFoundException {
-    return hasNamespacePermission(user, namespace, permission);
-  }
-
-  @Override
   public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
{
     setSysPerm(state, user, permission, true);
   }
 
-  @Override
   public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
{
     setSysPerm(state, user, permission, false);
   }
 
-  @Override
   public void grantTablePermission(String user, String table, TablePermission permission)
throws AccumuloSecurityException, TableNotFoundException {
     setTabPerm(state, user, permission, table, true);
   }
@@ -251,40 +139,17 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
 
   private void setTabPerm(State state, String userName, TablePermission tp, String table,
boolean value) {
     if (table.equals(userName))
-      throw new RuntimeException("This is also fucked up");
+      throw new RuntimeException("Something went wrong: table is equal to userName: " + userName);
     log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ?
" to" : " from") + " user " + userName);
     state.set("Tab-" + userName + '-' + tp.name(), Boolean.toString(value));
     if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
       state.set("Tab-" + userName + '-' + tp.name() + '-' + "time", System.currentTimeMillis());
   }
 
-  @Override
   public void revokeTablePermission(String user, String table, TablePermission permission)
throws AccumuloSecurityException, TableNotFoundException {
     setTabPerm(state, user, permission, table, false);
   }
 
-  @Override
-  public void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission
permission) throws AccumuloSecurityException,
-      NamespaceNotFoundException {
-    setNspPerm(state, user, permission, namespace, true);
-  }
-
-  private void setNspPerm(State state, String userName, NamespacePermission tnp, Namespace.ID
namespace, boolean value) {
-    if (namespace.equals(userName))
-      throw new RuntimeException("I don't even know");
-    log.debug((value ? "Gave" : "Took") + " the table permission " + tnp.name() + (value
? " to" : " from") + " user " + userName);
-    state.set("Nsp-" + userName + '-' + tnp.name(), Boolean.toString(value));
-    if (tnp.equals(NamespacePermission.READ) || tnp.equals(NamespacePermission.WRITE))
-      state.set("Nsp-" + userName + '-' + tnp.name() + '-' + "time", System.currentTimeMillis());
-  }
-
-  @Override
-  public void revokeNamespacePermission(String user, Namespace.ID namespace, NamespacePermission
permission) throws AccumuloSecurityException,
-      NamespaceNotFoundException {
-    setNspPerm(state, user, permission, namespace, false);
-  }
-
-  @Override
   public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException
{
     for (String user : new String[] {getSysUserName(), getTabUserName()}) {
       for (TablePermission tp : TablePermission.values()) {
@@ -294,17 +159,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     state.set(tableExists, Boolean.toString(false));
   }
 
-  @Override
-  public void cleanNamespacePermissions(Namespace.ID namespace) throws AccumuloSecurityException,
NamespaceNotFoundException {
-    for (String user : new String[] {getSysUserName(), getNspUserName()}) {
-      for (NamespacePermission tnp : NamespacePermission.values()) {
-        revokeNamespacePermission(user, namespace, tnp);
-      }
-    }
-    state.set(namespaceExists, Boolean.toString(false));
-  }
-
-  @Override
   public void cleanUser(String user) throws AccumuloSecurityException {
     if (getTableExists())
       for (TablePermission tp : TablePermission.values())
@@ -325,20 +179,11 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     return state.getString("system" + userName);
   }
 
-  public String getNspUserName() {
-    return state.getString("namespace" + userName);
-  }
-
   public void setTabUserName(String name) {
     state.set("table" + userName, name);
     state.set(name + userExists, Boolean.toString(false));
   }
 
-  public void setNspUserName(String name) {
-    state.set("namespace" + userName, name);
-    state.set(name + userExists, Boolean.toString(false));
-  }
-
   public void setSysUserName(String name) {
     state.set("system" + userName, name);
   }
@@ -359,14 +204,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     return Boolean.parseBoolean(state.getString(namespaceExists));
   }
 
-  public TCredentials getSysCredentials() {
-    return new Credentials(getSysUserName(), getSysToken()).toThrift(this.env.getAccumuloInstance());
-  }
-
-  public TCredentials getTabCredentials() {
-    return new Credentials(getTabUserName(), getTabToken()).toThrift(this.env.getAccumuloInstance());
-  }
-
   public AuthenticationToken getSysToken() {
     return new PasswordToken(getSysPassword());
   }
@@ -411,7 +248,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     state.set(namespaceName, nsName);
   }
 
-  @Override
   public void initTable(String table) throws AccumuloSecurityException {
     state.set(tableExists, Boolean.toString(true));
     state.set(tableName, table);
@@ -425,7 +261,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
       Long setTime = state.getLong("Tab-" + userName + '-' + tp.name() + '-' + "time");
       if (setTime == null)
-        throw new RuntimeException("WTF? Tab-" + userName + '-' + tp.name() + '-' + "time
is null");
+        throw new RuntimeException("Tab-" + userName + '-' + tp.name() + '-' + "time is null");
       if (System.currentTimeMillis() < (setTime + 1000))
         return true;
     }
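Review bot: The reworded message in the `setTime == null` branch names the key but not the cause, and the key string is still assembled twice, once for `state.getLong` and once for the exception. Building it once, `String timeKey = "Tab-" + userName + '-' + tp.name() + "-time";`, and throwing `new IllegalStateException(timeKey + " is null: permission change time was never recorded")` keeps the lookup and the message in step. Earlier in this file the timestamp is written for READ and WRITE whenever a table permission is set (apparently in setTabPerm), so a null here points at walker state that was read before any grant or revoke was recorded. The enclosing method begins and ends outside the hunk.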
@@ -458,7 +294,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
 
     if (fs == null) {
       try {
-        fs = FileSystem.get(CachedConfiguration.getInstance());
+        fs = FileSystem.get(new Configuration());
       } catch (IOException e) {
         throw new RuntimeException(e);
       }
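Review bot: `new Configuration()` in the lazy `fs` initialisation takes its settings only from the Hadoop resources found on the classpath, so when core-site.xml is missing `FileSystem.get` returns the local file system without any error and the walker would work against the wrong store. A comment on that line would record the dependency, for example `// relies on core-site.xml on the classpath; otherwise this resolves to the local file system`. If the test environment already carries a Hadoop configuration, passing that in would be more predictable, but nothing in this hunk shows whether one is available. The enclosing method starts above the hunk, so whether the `fs == null` check is guarded against concurrent callers cannot be judged from these lines.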
@@ -467,40 +303,8 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor,
Au
     return fs;
   }
 
-  @Override
-  public boolean canAskAboutUser(TCredentials credentials, String user) throws ThriftSecurityException
{
-    try {
-      return super.canAskAboutUser(credentials, user);
-    } catch (ThriftSecurityException tse) {
-      if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED))
-        return false;
-      throw tse;
-    }
-  }
-
-  @Override
-  public boolean validTokenClass(String tokenClass) {
-    return tokenClass.equals(PasswordToken.class.getName());
-  }
-
   public static void clearInstance() {
     instance = null;
   }
 
-  @Override
-  public Set<Class<? extends AuthenticationToken>> getSupportedTokenTypes() {
-    Set<Class<? extends AuthenticationToken>> cs = new HashSet<>();
-    cs.add(PasswordToken.class);
-    return cs;
-  }
-
-  @Override
-  public boolean isValidAuthorizations(String user, List<ByteBuffer> auths) throws
AccumuloSecurityException {
-    Collection<ByteBuffer> userauths = getCachedUserAuthorizations(user).getAuthorizationsBB();
-    for (ByteBuffer auth : auths)
-      if (!userauths.contains(auth))
-        return false;
-    return true;
-  }
-
 }

-- 
To stop receiving notification emails like this one, please contact
['"commits@accumulo.apache.org" <commits@accumulo.apache.org>'].
